Fix error when creating a partition as analyst user #1525
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Analyst user was allowed to create partitions because the 'create_partition' guard was governed by permission "Edit Results" and the permission required for partition magic view was "ManageAnalysisRequests". Nevertheless, analysts do not have view permissions for some setup objects (like SampleType), so the system was throwing an exception after pressing the button "Create Partitions" from partition magiv view: ``` Traceback (innermost last): Module ZPublisher.Publish, line 138, in publish Module ZPublisher.mapply, line 77, in mapply Module ZPublisher.Publish, line 48, in call_object Module bika.lims.browser.partition_magic, line 97, in call Module bika.lims.utils.analysisrequest, line 480, in create_partition Module bika.lims.utils.analysisrequest, line 87, in create_analysisrequest Module Products.Archetypes.BaseObject, line 636, in processForm Module bika.lims.content.analysisrequest, line 1420, in _renameAfterCreation Module bika.lims.idserver, line 518, in renameAfterCreation Module bika.lims.idserver, line 462, in generateUniqueId Module bika.lims.idserver, line 227, in get_variables AttributeError: 'NoneType' object has no attribute 'getPrefix' ``` This commit makes the "create_partition" transition, and the partition magic view to rely on permission "senaite.core: Add AnalysisRequest", so the transition is not longer available to analyst, and even if he/she tries to access manually to partition magic view, the system will display an "Insufficient privileges" message.
ramonski
approved these changes
Feb 10, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the issue/feature this PR addresses
Analyst user was allowed to create partitions because the 'create_partition' guard was governed by permission "Edit Results" and the permission required for partition magic view was "ManageAnalysisRequests". Nevertheless, analysts do not have view permissions for some setup objects (like SampleType), so the system was throwing an exception after pressing the button "Create Partitions" from partition magic view:
This PR makes the "create_partition" transition, and the partition magic view to rely on permission "senaite.core: Add AnalysisRequest", so the transition is not longer available to analyst, and even if he/she tries to access manually to partition magic view, the system will display an "Insufficient privileges" message.
Current behavior before PR
A traceback is rised when an analyst tries to create partitions
Desired behavior after PR is merged
Analyst does not have privileges to create partitions
--
I confirm I have tested this PR thoroughly and coded it according to PEP8
and Plone's Python styleguide standards.